New Buzzword, New Coverage You Need: Cyber Insurance and Your Business

Cyber floats around the boardroom now like synergies and paradigm shift did five years ago – they are not exactly meaningless words and phrases, but they are vague enough to be easily ignored. I am not here to tell you what to do with corporate jargon, but I will point out that overlooking cyber means overlooking cybersecurity, which puts you and your business at risk.

Everyone should be aware of cybersecurity practices, and the implications of cyberattacks, but it is especially important for business owners: If you own a business, you almost certainly use the Internet, and if you use the Internet, you are at risk for a cyberattack.

Cyber Security Awareness

Merriam-Webster defines cyberattack as “an attempt to gain illegal access to a computer or computer system for the purpose of causing damage or harm.” These attacks come in many forms:

• Phishing emails that aim to steal login credentials or credit card information
• Ransomware that kidnaps your system, and demands a ransom in order to release it
• Spyware (sometimes called Malware) that sneakily steals data from your network
• And numerous others, with equally fun and frightening names

In addition to lost revenue and ransom payments, businesses face lawsuits and damaged credibility from cyberattacks, if, for instance, client data is breached.

To reduce the likelihood of a successful cyberattack, businesses should work with their IT services provider, as well as qualified risk managers (often their commercial insurance broker), to ensure there are no gaps in their network security systems.

Unfortunately, many cyberattacks cannot be prevented, even with strong cybersecurity practices in place. To make sure your business is protected following a cyberattack, add cyber coverage to your insurance policy.

Cyber insurance is a relatively new offering, and the majority of companies do not have it, but it is recommended for businesses of all sizes. Cyber policies usually cover some combination of the following:

• Business Interruption ­– costs incurred if a cyberattack interrupts your services, resulting in the loss of profits, or increased expenses to continue working.
• System and Data Damage – costs to restore data and systems that were damaged during the attack.
• Extortion Payments – monies paid to the attacker, if they hack into your system and threaten damage if payment is not made. (Before paying the extortion, consult with your insurance company’s claims department.)
• Forensic Investigations – costs to hire specialists to examine the cyberattack, help restore data if possible, and provide recommendations for better future security practices.
• Notification – costs to alert clients affected by a data breach.
• Crisis Management or Public Relations – costs of restoring your business’ reputation in the aftermath of the breach.
• Regulatory Defense – fines and penalties levied by the local regulatory body following a breach.
• Network Security and Network Privacy Liability – defense and damages costs for lawsuits that result from a data breach, including those accusing you of not properly protecting your network and/or data.

In 2016, the Insurance Information Institute conducted a survey of small businesses and found that while 10% of the companies surveyed had suffered a “cyber incident” in the past year, only one third of surveyed organizations had cyber insurance coverage.

The number of cyber insurance claims is increasing rapidly, especially amongst small- to medium-sized businesses. According to CFC Underwriting, an online insurance provider specializing in emerging risks, “Cyber insurance pays more claims than any other type of insurance.”  (To read CFC’s six reasons your business needs cyber insurance, click here.)

And it’s not just the amount of cyber insurance claims that is increasing, the costs associated with cybercrime are rising dramatically. Multinational business consulting group Accenture reports that the costs of cybercrime have increased 12% in the past year, and 72% in the past five years (to read their full cost of cybercrime study, click here).

Knowing this information, can your business afford not to carry cyber insurance?

October is Cybersecurity Awareness Month, and while there is far less good food associated with this than the other October festivities, there is a lot of knowledge to be consumed:

Cisco, an multinational tech company, publishes a lot of information on cyberattacks and network security, including a list of the most common types of cyberattacks.

The Insurance Bureau of Canada (IBC) can tell you what to consider when buying cyber insurance, and give you facts about cybercrime in general.

Varonis, a Data Security company that works with organizations as big as Coca-Cola and Toyota, published 60 Must-Know Cybersecurity Statistics for 2019 earlier this year.